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1 CLAIMS 

2 

3 I claim: 

1 LA method of securely conveying a data product, the method comprising the steps 

2 of: 

3 establishing an authorization key that defines (i) verification information indicative of at 

4 least one authorized entity and (ii) a cryptographic key to the data product; 

5 encrypting the authorization key, thereby producing an encrypted authorization key that 

6 can be decrypted using a decryption key; and 

p 7 providing the encrypted authorization key to a system that (i) has access to the decryption 

yl 8 key and can therefore decrypt the encrypted authorization key and (ii) is programmed to decrypt 

U 9 the authorization key and to use the verification information to validate use of the data product. 

m 

•^10 
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1, 1 2. The method of claim 1 , fiirther comprising the steps of: 

2 receiving the encrypted authorization key; 

i 3 using the decryption key to decrypt the encrypted authorization key, and thereby 

4 uncovering the verification information and the cryptographic key to the data product; and 

5 using the verification information to validate use of the data product. 
6 

1 3. The method of claim 2, wherein using the verification information to validate use 

2 of the data product comprises comparing at least a portion of the verification information to 

3 predetermined information associated with the system, to determine whether the system is 

4 authorized to use the data product. 
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1 4. The method of claim 3, wherein the predeteraiined information associated with 

2 the system comprises a system ID. 
3 

1 5. The method of claim 1, wherein providing the encrypted authorization key to the 

2 system comprises sending the encrypted authorization key to the system via a wireless 

3 communications network. 
4 

1 6. The method of claim 1, wherein providing the encrypted authorization key to the 



2 system comprises recording the encrypted authorization key on a data storage medium and then 
^ 3 providing the data storage medium to the system. 

m 4 

w 

^} 1 7. The method of claim 6, further comprising the steps of: 

' 2 the system reading the encrypted authorization key from the data storage medium; 

Is 

2 3 the system using the decryption key to decrypt the encrypted authorization key and 

£g 4 thereby uncovering the verification information and the cryptographic key to the data product; 

O 5 and 

6 the system using the verification information to validate use of the data product. 

7 

1 8. The method of claim 7, wherein using the verification information to validate use 

2 of the data product comprises comparing at least a portion of the verification information to 

3 predetermined information associated with the data storage medium, to determine whether the 

4 data storage medium is authorized to store the data product. 
5 
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1 9. The method of claim 8, wherein the predetermined information associated with 

2 the data storage medium comprises a data storage medium ID. 
3 

1 10. The method of claim 1, wherein the data product comprises a database of 

2 geographic information. 
3 

1 1 1 . A method of securely conveying data, the method comprising the steps of: 

2 assembling a set of authorization parameters associated with the data; 

3 computing a first checksum of the set of authorization parameters; 
a 4 generating a first cryptographic key substantially randomly; 

m 5 using the first cryptographic key to symmetrically encrypt the set of authorization 

W 

? 6 parameters, so as to produce an encrypted set of authorization parameters; 

7 encrypting a combination of the first cryptographic key and the first checksum, so as to 

S 8 produce a header value that can be decrypted using a second cryptographic key; and 

9 providing the header value, together with the data, for access by a receiving end. 

a 10 

1 12. The method of claim 1 1 , further comprising the following steps performed at the 

2 receiving end: 

3 using the second cryptographic key to decrypt the header value, so as to produce an 

4 decrypted header value; 

5 retrieving the first cryptographic key and first checksum firom the decrypted header value; 

6 using the first cryptographic key to decrypt the encrypted set of authorization parameters; 

7 computing a second checksum of the set of authorization parameters; 
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8 comparing the second checksum with the first checksum, and refusing to access the data 

9 if the second checksum does not match the first checksum; and 

10 using the set of authorization parameters to verify authorization to access the data. 

11 

1 13. The method of claim 12, further comprising encrypting the data before providing 

2 the data and header value for access by the receiving end. 
3 

1 14. A method of securely conveying data, the method comprising the steps of: 

2 assembling an authorization key that includes verification information indicative of a data 
J 3 storage medium on v^hich the data is authorized to be stored; and 

gi 4 encrypting the authorization key and the data, thereby producing an encrypted 

Cfl 5 authorization key and encrypted data; 

ry 6 storing the encrypted authorization key and encrypted data on a given data storage 

7 medium; and 

8 thereafter providing the given data storage medium to a system that is programmed to 
g 9 decrypt the authorization key and to determine, by reference to the verification information 

10 whether the given storage medium is the data storage medium on which the data is authorized to 

1 1 be stored. 
12 

1 15. The method of claim 14, further comprising the system decrypting the encrypted 

2 data only if the verification information indicates that the given storage medium is the data 

3 storage medium on which the date is authorized to be stored. 
4 
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1 16. A method of securely communicating a data product, while allowing the data 

2 product to be used in connection with at least one authorized entity, the at least one authorized 

3 entity having an associated identification code, the method comprising: 

4 symmetrically encrypting at least a portion of the data product using a first cryptographic 

5 key, thereby producing an encrypted portion of the data product that can be symmetrically 

6 decrypted using the first cryptographic key; 

7 establishing an authorization key including verification information; 

8 computing a first value as a first function of input parameters including (i) the 

9 identification code and (ii) a second value; 

JJlO combining the first value with the first cryptographic key to produce a third value; 

gil 1 adding the third value to the authorization key; 

y 

gJ12 thereafter using the first value as a second cryptographic key to symmetrically encrypt 

'^"^13 the authorization key, so as to produce an encrypted authorization key that can be decrypted 

i:i4 using the first value; 

J:^15 encrypting at least the second value to produce an encrypted value that can be decrypted 

q16 using a third cryptographic key; and 

17 providing to a receiving-end at least (i) the encrypted value, (ii) the encrypted 

18 authorization key, and (iii) the encrypted portion of the data product, 

19 whereby, if the receiving end has access to the third cryptographic key and the input 

20 parameters, the receiving end may be able to uncover the first authorization key and the 

21 cryptographic key and may therefore be able to access the verification information and decrypt 

22 the encrypted portion of the data product. 

23 
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1 17. The method of claim 16, wherein the data product comprises geographical 

2 information, the authorized entity comprises a navigation system, and the identification code 

3 comprises a navigation system ID. 
4 

1 18. The method of claim 16, wherein the data product comprises geographical 

2 information, the authorized entity comprises a data storage device, and the identification code 

3 comprises a storage device ID. 
4 

1 19. The method of claim 1 6, wherein the first function comprises a hash function. 

U 

iffl 1 20. The method of claim 19, wherein the input parameters further include a 

fi ii i 

K 2 predetermined segment of the encrypted portion of the data product. 

^ I 21. The method of claim 16, wherein combining the first value with the first 

Q 2 cryptographic key to produce a third value comprises computing an XOR sum of the first value 

□ 3 and the first cryptographic key. 

4 

1 22. The method of claim 16, wherein encrypting at least the second value to produce 

2 an encrypted value that can be decrypted with a third cryptographic key comprises: 

3 combining the second value with a checksum of the authorization key; and 

4 using a public key encryption algorithm to encrypt the second value 

5 
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1 23. The method of claim 1 6, further comprising the following steps: 

2 receiving at the receiving-end (i) the encrypted value, (ii) the encrypted authorization 

3 key, and (iii) the encrypted portion of the data product, 

4 using the third cryptographic key to decrypt the encrypted value 

5 computing the first value as the first fiinction of the input parameters; 

6 using the first value as the second cryptographic key to symmetrically decrypt the 

7 encrypted authorization key; 

8 extracting the third value fi"om the authorization key; 

9 using the third value and the first value to generate the first cryptographic key; and 
^5 10 using the first cryptographic key to symmetrically decrypt the encrypted portion of the 

1 1 data product. 

1 24. Th method of claim 23, further comprising, at the receiving-end, verifying the 



Q 

S 2 checksum of the authorization key. 

m 3 

O 1 25. The method of claim 23, wherein using the third value and the first value to 

2 generate the first cryptographic key comprises computing an XOR sum of the third value and the 

3 first value. 
4 

1 26. The method of claim 23, fiirther comprising the step of validating use of the data 

2 product by reference to the verification information. 

3 
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1 27. A method of securing a data product against unauthorized use, while allowing the 

2 data product to be used in connection with at least one authorized entity, the at least one 

3 authorized entity having an associated identification code, the method comprising: 

4 symmetrically encrypting at least a portion of the data product using a first cryptographic 

5 key, thereby producing an encrypted portion of the data product that can be symmetrically 

6 decrypted using the first cryptographic key; 

7 establishing an authorization key including verification information; 

8 computing a first value as a first function of input parameters including (i) the 

9 identification code and (ii) a second value; 

JlO combining the first value with the first cryptographic key to produce a third value; 

^ * 

Oil 1 adding the third value to the authorization key; 

hi 

m\2 thereafter using the first value as a second cryptographic key to symmetrically encrypt 

™13 the authorization key, so as to produce an encrypted authorization key that can be decrypted 
using the first value; and 

J^15 encrypting at least the second value to produce an encrypted value that can be decrypted 

O 

p 1 6 using a third cryptographic key. 
17 

1 28. The method of claim 27, further comprising randomly generating the first 

2 cryptographic key. 
3 

1 29. The method of claim 27, wherein the portion of the data product comprises the 

2 entire database. 
3 
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1 30. The method of claim 27, wherein the portion of the data product comprises 

2 information required to understand contents of the data product. 

3 

1 31. The method of claim 30, wherein the information required to understand contents 

2 of the data product is selected from the group consisting of (i) database decompression 

3 information and (ii) pointers. 
4 

1 32. The method of claim 27, wherein the data product comprises geographic 

2 information. 

PI 

01 1 33. The method of claim 27, wherein the data product comprises geographic 

^5 2 information, the authorized entity comprises a navigation system, and the identification code 

3 comprises a navigation system ID. 




5 1 34. The method of claim 27, wherein the data product comprises geographic 

in 

n 2 information, the authorized entity comprises a data storage device, and the identification code 

3 comprises a storage device ID. 
4 

1 35. The method of claim 27, wherein the first function comprises a hash function. 

2 

1 36. The method of claim 27, wherein the input parameters further include a 

2 predetermined segment of the encrypted portion of the data product. 

3 
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1 37. The method of claim 27, wherein combining the first value with the first 

2 cryptographic key to produce a third value comprises computing an XOR sum of the first value 

3 and the first cryptographic key. 

4 

1 38. The method of claim 27, wherein encrypting at least the second value to produce 

2 an encrypted value that can be decrypted with a third cryptographic key comprises: 

3 combining the second value with a checksum of the authorization key; and 

4 using a public key encryption algorithm to encrypt the second value 
5 

y 1 39. A system for securing a data product against unauthorized use, while allowing the 

2 data product to be used in connection with at least one authorized entity, the system comprising: 

3 a processor; 

■£4 

fU 4 a data storage medium; and 

B 5 a set of machine language instructions stored in the data storage medium and executable 

6 by the processor to carry out the method steps of claim 27. 

iyy 
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